package com.platform.utils;

import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Map.Entry;
import com.platform.xss.SQLFilter;
/**
 * Query parameters: request parameters copied into a map, plus pagination and sort keys.
 *
 * @author lipengjun
 * @email 939961241@qq.com
 * @date 2017-03-14 23:15
 */
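public class Query extends LinkedHashMap<String, Object> {
    private static final long serialVersionUID = 1L;

    /**
     * Keys that, per the original author's note, are concatenated into the SQL text to
     * implement sorting instead of being bound as parameters. Any value stored under
     * these keys must have passed through {@link SQLFilter#sqlInject} first.
     */
    private static final String[] SORT_KEYS = {"sidx", "order"};

    // Current page number.
    private int page;
    // Rows per page.
    private int limit = 10;

    /**
     * Builds a paged query; equivalent to {@code new Query(params, true)}.
     *
     * @param params request parameters; must contain "page", "limit", "sidx" and "order"
     * @throws NullPointerException  if {@code params} or one of those four entries is null
     * @throws NumberFormatException if "page" or "limit" is not a decimal int
     */
    public Query(Map<String, Object> params) {
        this(params, true);
    }

    /**
     * Copies every non-null, non-empty entry of {@code params} into this map and, when
     * {@code isPage} is true, adds the derived "offset", "page" and "limit" entries.
     *
     * <p>The sort keys are filtered in both modes. Previously the filter ran only when
     * {@code isPage} was true, so a non-paged query kept the caller-supplied "sidx" and
     * "order" values exactly as received even though they are spliced into SQL.
     *
     * @param params request parameters; may be null only when {@code isPage} is false
     * @param isPage whether "page", "limit", "sidx" and "order" are required and parsed
     * @throws NullPointerException  if {@code isPage} is true and a required entry is missing
     * @throws NumberFormatException if "page" or "limit" is not a decimal int
     */
    public Query(Map<String, Object> params, boolean isPage) {
        copyNonEmpty(params);

        if (isPage) {
            applyPaging(params);
            for (String key : SORT_KEYS) {
                this.put(key, SQLFilter.sqlInject(required(params, key)));
            }
        } else {
            // Only touch sort keys that were actually copied, so no new keys appear
            // in non-paged queries; the raw value is replaced by the filtered one.
            // NOTE(review): assumes non-paged callers do not use "order"/"sidx" for an
            // unrelated business field; confirm against callers.
            for (String key : SORT_KEYS) {
                Object raw = this.get(key);
                if (raw != null) {
                    this.put(key, SQLFilter.sqlInject(raw.toString()));
                }
            }
        }
        // NOTE(review): SQLFilter.sqlInject is defined elsewhere and its rules are not
        // visible here. Because these values end up in SQL text, validating "sidx"
        // against a known column list and "order" against asc/desc where the statement
        // is built is the stronger control.
    }

    /** Copies entries whose value is neither null nor the empty string; a null map is ignored. */
    private void copyNonEmpty(Map<String, Object> params) {
        if (params == null) {
            return;
        }
        for (Entry<String, Object> entry : params.entrySet()) {
            Object value = entry.getValue();
            if (value != null && !"".equals(value.toString())) {
                this.put(entry.getKey(), value);
            }
        }
    }

    /** Parses "page" and "limit" and stores them, with the derived "offset", as Integers. */
    private void applyPaging(Map<String, Object> params) {
        this.page = Integer.parseInt(required(params, "page"));
        this.limit = Integer.parseInt(required(params, "limit"));
        // NOTE(review): page and limit are not range-checked here. A page below 1 yields
        // a negative offset, a very large limit is passed through unchanged, and the
        // multiplication can overflow int. Bound both at the request boundary.
        this.put("offset", (page - 1) * limit);
        this.put("page", page);
        this.put("limit", limit);
    }

    /**
     * Returns the string form of a mandatory parameter. The exception type matches what
     * the previous unchecked dereference produced, but now names the missing key.
     */
    private static String required(Map<String, Object> params, String key) {
        Object value = (params == null) ? null : params.get(key);
        if (value == null) {
            throw new NullPointerException("Query parameter '" + key + "' is required");
        }
        return value.toString();
    }

    /** Returns the page number parsed at construction, or the last value given to {@link #setPage}. */
    public int getPage() {
        return page;
    }

    /** Sets the page field only; the "page" and "offset" map entries are not recomputed. */
    public void setPage(int page) {
        this.page = page;
    }

    /** Returns the page size parsed at construction, or the last value given to {@link #setLimit}. */
    public int getLimit() {
        return limit;
    }

    /** Sets the limit field only; the "limit" and "offset" map entries are not recomputed. */
    public void setLimit(int limit) {
        this.limit = limit;
    }
}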
